
Regarding "How to force clients to connect to WiFi automatically?" and this situation:

  • my neighbour is connected to his private Wi-Fi
  • I have a Pineapple Nano broadcasting public SSIDs (McDonald, Starbuck, etc., but NOT his WPA-protected Wi-Fi)

As part of my OpSec audit, is it possible for me to de-auth his device from his Wi-Fi and decoy it to connect to my public Wi-Fi network? Will it prefer my public WiFi or his own private one?

JointEffort
  • Not legally. Unless you have explicit permission from your neighbor to do this, you're breaking the law! – Daisetsu Oct 09 '18 at 18:11
  • He requested me to do an audit, so technically? :-) – JointEffort Oct 09 '18 at 18:17
  • Did he "dare" you to break in, or did he explicitly request an audit, and tell you what's in scope for this "audit"? – Daisetsu Oct 09 '18 at 18:19
  • If you're trying to educate me about ethical hacking: you succeeded. However, I was looking for a technical answer. Thanks anyway. – JointEffort Oct 09 '18 at 18:36
  • As far as the question, yes, deauth attacks exist and companies have been fined for using them (https://en.m.wikipedia.org/wiki/Wi-Fi_deauthentication_attack). It's unlikely his system would prefer your connection even if it appeared as a network he had previously connected to, and had settings set to rejoin, since his WiFi is likely going to have a better signal. – Daisetsu Oct 09 '18 at 18:46
  • @JointEffort It's not about educating you, it's mainly about the site rules most of us follow. – Azteca Oct 18 '18 at 16:56

1 Answer

By placing your Wi-Fi interface which supports packet injection into monitor mode, you will be able to issue deauth (deauthentication) packets.

Deauth packets can be crafted via the Aircrack-ng suite. This can be done by the following:

    aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AE:CE:9D wlan0

which instructs interface wlan0 to send one deauth packet for the given AP and client, as specified by the MAC addresses.

With this in mind, different OSs respond differently to being disconnected from a Wi-Fi network. Some may automatically reconnect to the last network, while others may automatically connect to a recognised network based on signal strength. If signal strength is the scenario, then this becomes very simple. The signal strength of your Pineapple Nano must be greater than that of the Wi-Fi AP. The signal strength is based on where the client (the neighbour's laptop) is situated. Merely having the Pineapple Nano closer to the client will cause it to reconnect to the Pineapple Nano's public (rogue) network instead of the private Wi-Fi AP.

That is, if the client's signal strength for the Pineapple Nano is greater than for the Wi-Fi AP, then the client will connect to the rogue network; otherwise the attack fails.

safesploit
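From the defender's side, the deauth frames the aireplay-ng command above sends are easy to spot on a monitor-mode sensor: they arrive as a burst of management frames addressed to one client with the AP's MAC as transmitter. The following is an added example, not code from the answer above or from the Aircrack-ng project; it runs over constructed, already-decoded frame summaries (the MAC addresses are the ones from the command above), and the window length and threshold are assumed tuning values.

```python
# Added example (not the answer's or Aircrack-ng's code): flag bursts of
# 802.11 deauthentication frames aimed at one client, as a monitor-mode
# sensor would see them. Records are already-decoded frame summaries.
from collections import defaultdict, deque

MGMT_TYPE = 0            # 802.11 frame type 0 = management
DEAUTH_SUBTYPE = 12      # management subtype 12 = deauthentication
WINDOW_SECONDS = 10.0    # sliding window (assumed tuning value)
THRESHOLD = 5            # deauths per (AP, client) in the window before alerting


def detect_deauth_bursts(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return [(bssid, client, count, ts)] for each (AP, client) pair whose
    deauth count inside the sliding window reaches the threshold.

    Each frame is a dict: ts, type, subtype, addr1 (receiver), addr2
    (transmitter), bssid. A forged deauth normally carries the AP's MAC as
    transmitter and the victim client as receiver, so pairs are keyed on
    (bssid, addr1). With 802.11w (PMF) enabled, clients discard unprotected
    deauths, so such a burst is noise rather than a real disconnect.
    """
    recent = defaultdict(deque)   # (bssid, client) -> timestamps in window
    alerts, alerted = [], set()
    for f in sorted(frames, key=lambda x: x["ts"]):
        if f["type"] != MGMT_TYPE or f["subtype"] != DEAUTH_SUBTYPE:
            continue
        key = (f["bssid"], f["addr1"])
        q = recent[key]
        q.append(f["ts"])
        while f["ts"] - q[0] > window:   # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((key[0], key[1], len(q), f["ts"]))
    return alerts


AP, CLIENT, OTHER = "00:14:6c:7e:40:80", "00:0f:b5:ae:ce:9d", "00:0f:b5:aa:bb:cc"

def _frame(ts, subtype, dst, src, ftype=MGMT_TYPE):
    return {"ts": ts, "type": ftype, "subtype": subtype,
            "addr1": dst, "addr2": src, "bssid": AP}

# Constructed sample capture: a data frame, a beacon, one benign deauth to
# another station, then eight forged deauths to CLIENT within a second.
SAMPLE_FRAMES = (
    [_frame(1.0, 0, AP, CLIENT, ftype=2), _frame(2.0, 8, "ff:ff:ff:ff:ff:ff", AP)]
    + [_frame(3.0, DEAUTH_SUBTYPE, OTHER, AP)]
    + [_frame(round(5.0 + 0.1 * i, 1), DEAUTH_SUBTYPE, CLIENT, AP) for i in range(8)]
)

if __name__ == "__main__":
    for bssid, client, n, ts in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"ALERT t={ts:.1f}: {n} deauths from AP {bssid} to client {client}")
```

A single deauth to the other station stays below the threshold, so only the burst against CLIENT is reported.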